Malicious artifacts seen in the context of a contacted hostįound malicious artifacts related to "178.79.179.144". "iexplore.exe" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 736) "iexplore.exe" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 736)
"iexplore.exe" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 736) "" wrote 52 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1700) "" wrote 32 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1700)
"" wrote 4 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1700) "" wrote 1500 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1700) "" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 1784) "" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 1784) "" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 1784) "" wrote 52 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1740) "" wrote 32 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1740) "" wrote 4 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1740) "" wrote 1500 bytes to a remote process "C:\Windows\System32\rundll32.exe" (Handle: 1740) "" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\psiphon-tunnel-core.exe" (Handle: 1708) "" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\psiphon-tunnel-core.exe" (Handle: 1708) "" wrote 32 bytes to a remote process "%TEMP%\psiphon-tunnel-core.exe" (Handle: 1708)
0 kommentar(er)
